On Tue, Aug 01, 2023 at 02:30:44PM -0700, Brennan Lamoreaux wrote:
From: Joe Perches joe@perches.com
commit aa838896d87af561a33ecefea1caa4c15a68bc47 upstream
Convert the various sprintf fmaily calls in sysfs device show functions to sysfs_emit and sysfs_emit_at for PAGE_SIZE buffer safety.
Done with:
$ spatch -sp-file sysfs_emit_dev.cocci --in-place --max-width=80 .
And cocci script:
$ cat sysfs_emit_dev.cocci @@ identifier d_show; identifier dev, attr, buf; @@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) { <... return
- sprintf(buf,
- sysfs_emit(buf, ...); ...>
}
@@ identifier d_show; identifier dev, attr, buf; @@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) { <... return
- snprintf(buf, PAGE_SIZE,
- sysfs_emit(buf, ...); ...>
}
@@ identifier d_show; identifier dev, attr, buf; @@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) { <... return
- scnprintf(buf, PAGE_SIZE,
- sysfs_emit(buf, ...); ...>
}
@@ identifier d_show; identifier dev, attr, buf; expression chr; @@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) { <... return
- strcpy(buf, chr);
- sysfs_emit(buf, chr); ...>
}
@@ identifier d_show; identifier dev, attr, buf; identifier len; @@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) { <... len =
- sprintf(buf,
- sysfs_emit(buf, ...); ...> return len;
}
@@ identifier d_show; identifier dev, attr, buf; identifier len; @@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) { <... len =
- snprintf(buf, PAGE_SIZE,
- sysfs_emit(buf, ...); ...> return len;
}
@@ identifier d_show; identifier dev, attr, buf; identifier len; @@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) { <... len =
- scnprintf(buf, PAGE_SIZE,
- sysfs_emit(buf, ...); ...> return len;
}
@@ identifier d_show; identifier dev, attr, buf; identifier len; @@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) { <...
- len += scnprintf(buf + len, PAGE_SIZE - len,
- len += sysfs_emit_at(buf, len, ...); ...> return len;
}
@@ identifier d_show; identifier dev, attr, buf; expression chr; @@
ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) { ...
- strcpy(buf, chr);
- return strlen(buf);
- return sysfs_emit(buf, chr);
}
Signed-off-by: Joe Perches joe@perches.com Link: https://lore.kernel.org/r/3d033c33056d88bbe34d4ddb62afd05ee166ab9a.160028592... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org [ Brennan : Regenerated for 4.19 to fix CVE-2022-20166 ] Signed-off-by: Brennan Lamoreaux blamoreaux@vmware.com
Thanks, now queued up.
greg k-h